[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: More FUD from First Virtual
Excerpts from mail.limbo: 10-Dec-95 Re: More FUD from First Vir.. Bill
[email protected] (1289*)
> At 08:51 AM 12/10/95 -0500, Nathaniel Borenstein <[email protected]> (Tense Hot
> Alien In Barn) wrote:
> >In any event, I could write a virus that sits in
> >front of the e-cash program and steals your keys when next you run the
> >e-cash program. Software's just too easy to fool. That's why I regard
> >the risk of catastrophe as being fairly large in software-based e-cash
> >schemes.
> How is this different for an ecash program vs. a First Virtual email
> acknowledgement program, where either a (really hairy) virus, or,
> more practically, an active email interloper could fake FV acks?
It's fundamentally different because FV (unlike all the other systems,
to my knowledge) is a "closed loop" financial instrument. By this I
mean that it doesn't depend on a one-way passage of some kind of
credentials to consummate a transaction. It would be almost equally
easy to write a keyboard virus that intercepted your FV-ID as it would
be to write one that intercepted your e-cash keys, but then there would
be a pretty significant additional layer for the seamless interception
and response to the confirmation email. (Note the "seamless" here. If
you do it in such a way that it interferes with the user's normal mail,
it will be caught pretty quickly.) Also, the "almost equally easy"
refers to the fact that FV-ID's are free-form text, a very deliberate
design decision that makes them far harder to sniff, even at the
keyboard level, than credit card numbers (which are self-identifying),
although a good e-cash system will share this quality for its pass
phrases.
> While hardware may be the best encryption solution for the average user
> (as you say, and I think I agree with you), it needs to have some password
> interface such as a small keypad on the front of the smartcard, to prevent
> its usability after theft.
Right, absolutely. But in this case, a virus still can't fake what's on
the hardware.
> Of course, there are problems with digicash as well; my Digicash play-money
> account thinks it's empty (in spite of having half a dozen coin-looking files),
> and doesn't recognize any of the half-dozen passwords I've guessed I might have
> used with it, so I'm not able to use Sameer's digicash-powered remailer.
And you're a *sophisticated* user, right Bill? This just underscores
some other comments I've made in the past about Joe Sixpack. I think
there will be serious usability problems. -- Nathaniel
--------
Nathaniel Borenstein <[email protected]> | (Tense Hot Alien In Barn)
Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON:
FAQ & PGP key: [email protected] | http://www.netresponse.com/zldf